Vulnerabilities > Westerndigital
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-35941 | Improper Authentication vulnerability in Westerndigital products Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. | 5.0 |
| 2021-06-11 | CVE-2021-33205 | Improper Privilege Management vulnerability in Westerndigital Edgerover Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. | 6.5 |
| 2021-03-19 | CVE-2021-28653 | Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. | 4.0 |
| 2021-03-10 | CVE-2021-3310 | Link Following vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. | 4.6 |
| 2020-12-12 | CVE-2020-29654 | Uncontrolled Search Path Element vulnerability in Westerndigital Dashboard Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | 6.9 |
| 2020-12-12 | CVE-2020-29563 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. | 7.5 |
| 2020-12-01 | CVE-2020-28971 | Improper Input Validation vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28970 | Unspecified vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28940 | Unspecified vulnerability in Westerndigital MY Cloud OS 5 On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | 7.5 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass BY Capture-Replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 4.6 |